First Last Prev Next    This bug is not in your last search results.
Bug 991436 - (CVE-2016-6214) VUL-0: CVE-2016-6214: gd: Buffer over-read issue when parsing crafted TGA file
(CVE-2016-6214)
VUL-0: CVE-2016-6214: gd: Buffer over-read issue when parsing crafted TGA file
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/170935/
CVSSv2:RedHat:CVE-2016-6132:4.3:(AV:N...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2016-08-01 09:09 UTC by Sebastian Krahmer
Modified: 2017-05-22 14:29 UTC (History)
2 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
poc.tga (816 bytes, application/octet-stream)
2016-08-23 13:03 UTC, Marcus Meissner 		Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Comment 1 Petr Gajdos 2016-08-02 08:24:23 UTC 
php5/php7's gd does not have tga support.
Comment 3 Petr Gajdos 2016-08-08 10:34:18 UTC 
This is till issue in libgd 2.1.0, though.
Comment 4 Petr Gajdos 2016-08-08 10:37:14 UTC 
From the cve assignment mail:

https://github.com/libgd/libgd/commit/10ef1dca63d62433fda13309b4a228782db823f7
Comment 5 Petr Gajdos 2016-08-08 10:47:12 UTC 
affected: 13.2/gd, 12/gd
not affected: 11/gd
Comment 6 Petr Gajdos 2016-08-08 11:07:30 UTC 
No, the correct commit is (that one from comment 4 is for CVE-2016-6132):

https://github.com/libgd/libgd/pull/251/commits/981060efd6415ed9a08a6aa343e6e195bf65fb47
Comment 9 Petr Gajdos 2016-08-08 13:36:58 UTC 
I believe all affected code streams are fixed.
Comment 10 Bernhard Wiedemann 2016-08-08 14:01:01 UTC 
This is an autogenerated message for OBS integration:
This bug (991436) was mentioned in
https://build.opensuse.org/request/show/417845 13.2 / gd
Comment 12 Swamp Workflow Management 2016-08-19 17:10:59 UTC 
openSUSE-SU-2016:2117-1: An update that fixes 5 vulnerabilities is now available.

Category: security (moderate)
Bug References: 987577,988032,991436,991622,991710
CVE References: CVE-2016-6128,CVE-2016-6132,CVE-2016-6161,CVE-2016-6207,CVE-2016-6214
Sources used:
openSUSE 13.2 (src):    gd-2.1.0-7.11.1
Comment 13 Marcus Meissner 2016-08-23 13:03:31 UTC 
Created attachment 689115 [details]
poc.tga

attached to issue https://github.com/libgd/libgd/issues/248
Comment 14 Bernhard Wiedemann 2016-08-23 14:00:57 UTC 
This is an autogenerated message for OBS integration:
This bug (991436) was mentioned in
https://build.opensuse.org/request/show/421269 Factory / gd
Comment 16 Swamp Workflow Management 2016-09-14 11:11:00 UTC 
SUSE-SU-2016:2303-1: An update that fixes 7 vulnerabilities is now available.

Category: security (moderate)
Bug References: 982176,987577,988032,991436,991622,991710,995034
CVE References: CVE-2016-5116,CVE-2016-6128,CVE-2016-6132,CVE-2016-6161,CVE-2016-6207,CVE-2016-6214,CVE-2016-6905
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP1 (src):    gd-2.1.0-12.1
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    gd-2.1.0-12.1
SUSE Linux Enterprise Server 12-SP1 (src):    gd-2.1.0-12.1
SUSE Linux Enterprise Desktop 12-SP1 (src):    gd-2.1.0-12.1
Comment 17 Swamp Workflow Management 2016-09-24 00:09:45 UTC 
openSUSE-SU-2016:2363-1: An update that fixes 7 vulnerabilities is now available.

Category: security (moderate)
Bug References: 982176,987577,988032,991436,991622,991710,995034
CVE References: CVE-2016-5116,CVE-2016-6128,CVE-2016-6132,CVE-2016-6161,CVE-2016-6207,CVE-2016-6214,CVE-2016-6905
Sources used:
openSUSE Leap 42.1 (src):    gd-2.1.0-10.1
Comment 18 Marcus Meissner 2017-05-22 14:29:47 UTC 
released
First Last Prev Next    This bug is not in your last search results.